class Slack::Events::Request

Attributes

http_request[R]
signature_expires_in[R]
signing_secret[R]

Public Class Methods

new(http_request, options = {}) click to toggle source
# File lib/slack/events/request.rb, line 13
def initialize(http_request, options = {})
  @http_request = http_request
  @signing_secret = options[:signing_secret] || Slack::Events.config.signing_secret
  @signature_expires_in =
    options[:signature_expires_in] || Slack::Events.config.signature_expires_in
end

Public Instance Methods

body() click to toggle source

Request body.

# File lib/slack/events/request.rb, line 37
def body
  @body ||= begin
    body = http_request.body.read
    http_request.body.rewind
    body
  end
end
expired?() click to toggle source

Returns true if the signature coming from Slack has expired.

# File lib/slack/events/request.rb, line 46
def expired?
  timestamp.nil? || (Time.now.to_i - timestamp.to_i).abs > signature_expires_in
end
signature() click to toggle source

The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.

# File lib/slack/events/request.rb, line 27
def signature
  @signature ||= http_request.get_header('HTTP_X_SLACK_SIGNATURE')
end
timestamp() click to toggle source

Request timestamp.

# File lib/slack/events/request.rb, line 21
def timestamp
  @timestamp ||= http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP')
end
valid?() click to toggle source

Returns true if the signature coming from Slack is valid.

# File lib/slack/events/request.rb, line 51
def valid?
  raise MissingSigningSecret unless signing_secret

  digest = OpenSSL::Digest::SHA256.new
  signature_basestring = [version, timestamp, body].join(':')
  hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring)
  computed_signature = [version, hex_hash].join('=')
  computed_signature == signature
end
verify!() click to toggle source

Validates the request signature and its expiration.

# File lib/slack/events/request.rb, line 62
def verify!
  raise TimestampExpired if expired?
  raise InvalidSignature unless valid?

  true
end
version() click to toggle source

Signature version.

# File lib/slack/events/request.rb, line 32
def version
  'v0'
end